CVE-2009-2064
Published Jun 15, 2009
Last updated 6 years ago
Overview
- Description
- Microsoft Internet Explorer 8, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-287
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:*:beta2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BFF1D247-1AF2-44C6-81D2-9C868A62BC00",
"versionEndIncluding": "8"
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B4071D03-D955-4C1B-ACD8-A864F7D0FA02"
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F3F2A51E-2675-4993-B9C2-F2D176A92857"
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507"
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE"
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "59159262-BA89-46B9-B16F-0CC6A5502C58"
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB"
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0.5730:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E3B85C32-02F5-43F5-8BBB-5A240F99BAA9"
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A52E757F-9B41-43B4-9D67-3FEDACA71283"
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:8:beta1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "06E95EE4-23D8-40F7-9DFF-6C835AB62AE7"
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:8.0b:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "21CCF994-2F4D-44FE-89F7-0F92734D5AF4"
},
{
"criteria": "cpe:2.3:a:microsoft:pocket_ie:1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4AC33FCB-8A30-497E-8369-D6A0A30EEB23"
},
{
"criteria": "cpe:2.3:a:microsoft:pocket_ie:1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2F51C049-0E1B-42DE-898D-E18B350EE7D0"
},
{
"criteria": "cpe:2.3:a:microsoft:pocket_ie:2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F5354582-A1D1-46CB-A05A-A086820C1013"
},
{
"criteria": "cpe:2.3:a:microsoft:pocket_ie:3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8075385C-29C6-4E2D-938A-CD1444892609"
},
{
"criteria": "cpe:2.3:a:microsoft:pocket_ie:4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3168D511-6FFD-40D0-B46B-352C6A1CF34C"
},
{
"criteria": "cpe:2.3:a:microsoft:pocket_ie:2002:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "87D57619-255D-46DD-9C32-E4B7F5F3689A"
},
{
"criteria": "cpe:2.3:a:microsoft:pocket_ie:2003:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E6284FCA-2362-42A2-A9FE-E6E385191E4D"
}
],
"operator": "OR"
}
]
}
]